Traditionally, personal computing hardware and software systems followed a model where users explicitly made trust decisions about every new piece of software installed and run on computer hardware. For instance, a user could install software by inserting a compact disk (CD) into a computer system. The user was responsible for the safety of the installed software.
Different security issues, however, may arise for software applications that are delivered to computers via the Internet via, for example, a web browser. For example, large companies may not wish to automatically trust each application that individual employees download.
As an application platform, the modern web browser brings together a remarkable combination of resources, including seamless access to Internet resources, including access to a wide variety of application software. For example, web browser extensions and web applications may be written using the same standard web technology that developers use to create web pages. This is beneficial because it allows developers to create content without having to be concerned with compatibility with the entire World Wide Web, such as presentation differences between different types of web pages. Yet, this potentially means that a web application or browser extension is vulnerable to standard classes of bugs. Accordingly, large companies and individual users need tools to manage permissions and capabilities for web applications and browser extensions.